Skip to content

REL2_0_1
Compare
Choose a tag to compare
@mpalmi mpalmi released this 10 Aug 17:02
REL2_0_1
This tag was signed with the committer’s verified signature.
mpalmi Mike Palmiotto
GPG key ID: 493F2A5C73FBED10
Learn about vigilant mode.
7ae26e5

GUC deprecation and RESET logic bugfixes

  • Fix GUC deprecation logic to stop printing noisy NOTICEs every time
    GUCs are referenced.
  • Appropriately check for RESET SESSION AUTHORIZATION and drop invalid
    reference to RESET USER.

This release addresses CVE-2021-38140:

Potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). This is now blocked along with RESET ROLE.

Assets 2
Loading